As a temporary precaution, Google has disabled the prepaid credit card feature from its Android digital-payment app, Google Wallet, after two different reports of security vulnerabilities.
The Google Wallet app lets you pay for things by tapping or swiping your phone at a store’s checkout terminal via NFC (near-field communication) technology. You can attach a prepaid credit card to the app, as well as several gift cards or a Citi MasterCard.
Zvelo, a Web security provider, demonstrated how the Google Wallet PIN on a rooted Android smart phone can be accessed by a hacker. And SmartphoneChamp showed how clearing the data for the app means users are prompted for a new PIN the next time the app launches, meaning a hacker could simply clear the data and make a new PIN to access funds associated with the old PIN.
When Google disabled provisioning of prepaid cards, it also advised against rooting Android smartphones. ("Rooting" a mobile device means removing software and firmware restrictions that may have been imposed by manufacturers or carriers.) Osama Bedier, vice president, Google Wallet and Payments, posted the following at Google Commerce:
"Sometimes users choose to disable important security mechanisms in order to gain system-level “root” access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones."
Google has promoted its Wallet app as the next big shift in payment technology that's supposed to eventually replace your credit card, debit card, and other forms of plastic payment. For more information, read our previous coverage: Google Wallet could be the future, but the present is very limited.
Google Wallet pulls prepaid cards as temporary precaution [TechWatch]
Protecting your payments with Google Wallet [Google Commerce]